Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code.
"An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests," the company said in an advisory.
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions -
- FortiADC version 7.0.0 through 7.0.2
- FortiADC version 6.2.0 through 6.2.3
- FortiADC version 6.1.0 through 6.1.6
- FortiADC version 6.0.0 through 6.0.4
- FortiADC version 5.4.0 through 5.4.5
Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available.
The January 2023 patches also address a number of command injection vulnerabilities in FortiTester (CVE-2022-35845, CVSS score: 7.6) that could permit an authenticated attacker to execute arbitrary commands in the underlying shell.
Zoho Ships Fixes For An SQLi Flaw
Enterprise software provider Zoho is also urging customers to upgrade to the latest versions of Access Manager Plus, PAM360, and Password Manager Pro following the discovery of a severe SQL injection (SQLi) vulnerability.
Assigned the identifier CVE-2022-47523, the issue affects Access Manager Plus versions 4308 and below; PAM360 versions 5800 and below; and Password Manager Pro versions 12200 and below.
"This vulnerability can allow an adversary to execute custom queries, and access the database table entries using the vulnerable request," the India-based company said, adding it fixed the bug by adding proper validation and escaping special characters.
Although exact specifics about the shortcoming have not been disclosed, Zoho's release notes reveal that the flaw was identified in its internal framework and that it could enable all users to "access the backend database."